Shadow AI Isn’t What It Used to Be: How Vibe Coding Quietly Rewrote the Category

Illustration showing the shift from Shadow AI as prompts to Shadow AI as full applications built on vibe-coding platforms.

Key Takeaways

  • Shadow AI used to mean employees pasting sensitive data into AI chat. The new Shadow AI is different in kind: employees building full applications on vibe-coding platforms, connecting them to production systems, and deploying them on the open internet.
  • The conversation moved from prompt to product — and the risk surface moved with it. The artifact is no longer a sensitive prompt; it’s sensitive software, custom-built and custom-loaded with corporate data.
  • Shadow Builders aren’t (usually) malicious. They’re competent employees solving real problems faster than their organization could — doing exactly what the platforms invited them to do. The visibility gap that follows is structural, not a tooling failure.

The term Shadow AI has been in circulation for roughly two years. Until recently, it meant something narrower than what’s actually happening now: employees using unsanctioned AI tools, pasting things they shouldn’t into chat windows, running confidential documents through unmanaged summarizers on personal accounts. That problem is real, and it isn’t going away.

But it’s not the problem this series is about.

The new Shadow AI is a different category. Employees are no longer just talking to AI. They’re building with it — spinning up full applications on vibe-coding platforms, connecting those applications to production systems, and deploying them, often on the open internet, almost always without involving security or IT. The conversation moved from prompt to product. The risk surface moved with it.

Red Access documented the new category at scale in The Shadow Builders Inside Your Organization — research that found this pattern across six continents and in every industry examined. The findings have been covered in WIRED and Axios as the early outside read on the shift. This series unpacks what the report describes and what to do about it. The numbers, examples, and frameworks all come from there; the goal here is to land the reframe.

The old Shadow AI was about prompts. The new one is about products.

The earlier definition was about behavior. An employee pastes regulated customer data into a public AI chat. A sales rep summarizes a sensitive deal memo on a personal ChatGPT account. A junior analyst drops a roster of names into a free tool to “help with formatting.” The artifact was a prompt — a one-time leak through a known channel, which is exactly the kind of leak the existing stack was designed to catch.

The new Shadow AI produces an artifact. A marketing manager doesn’t paste her campaign data into a chat — she builds a campaign tracker, connects it to the BI tool where the real numbers live, and deploys it to a URL she can share with her team. A procurement analyst doesn’t summarize a vendor list — she builds a quarterly-spend dashboard, pulls invoice data into it, and ships it to the rest of the procurement org before the week is out.

The artifact is no longer a prompt. It’s software. Custom-built, custom-loaded with data, integrated directly into sanctioned systems of record, and frequently published on the open internet. That’s the shift from a behavior problem to an artifact problem.

This is also where Shadow AI breaks decisively from Shadow IT. Shadow IT was bounded. When a marketing team bought a Trello account on a corporate card without telling IT, the data stayed inside an unsanctioned SaaS vendor — but identity, audit logs, and governance at least existed. Shadow AI inverts that. The application is custom-built. The data is custom-loaded. The integrations are direct connections to production CRMs, ERPs, ticketing systems, and BI tools. The artifact is very often published on the open internet. The platform underneath may be audited; the application built on it isn’t. There is the builder, the platform, and the URL. IT? Mostly not in the room.

Meet the Shadow Builders

The people producing the new Shadow AI aren’t malicious. They’re the marketing manager prototyping a campaign tracker, the operations lead automating a vendor workflow, the HR coordinator building a candidate intake form, the finance team putting together a board-prep dashboard before Friday. They are competent, well-intentioned employees solving real problems faster than their organization could.

They are doing exactly what the platforms invited them to do.

Shadow Builders exist across every industry and at every level of the org chart, executives included. Their intent is benign — they’re making productivity decisions, not security ones. And the platforms aren’t villains either; they’re doing what their original audience asked for. The risk isn’t a bad actor. It’s the absence of guardrails — technical and behavioral — for what happens after the build.

Why this category sits outside what your current stack was designed to see

The shape of the activity doesn’t fit any single layer of the existing stack. EDR, DLP, CASB, firewall, SSE, enterprise browser — each was built to govern a different shape of risk than the one Shadow AI presents. A firewall sees traffic to a vibe-coding platform’s domain; it can’t tell you that a specific subdomain is a custom finance app connected to corporate data and published to the open internet. The relevant signals exist; they sit across systems that don’t correlate them into anything actionable. The visibility gap is structural, not a tooling failure. A later piece in this series walks through exactly why each layer misses this.

Where the series goes from here

This is the first of six pieces. The series moves from here to the research itself — the population of applications Red Access identified, and what share were reachable from the open internet. From there: the anatomy of a single Shadow Build, why the existing security stack can’t see the category end to end, what attackers are quietly doing with the same platforms, and finally, what CISOs should do this week — and where visibility on this category actually has to live.

It’s a single argument that builds across the series, not six standalone posts.

If you want the research the series is built on, The Shadow Builders Inside Your Organization is available here. The rest of this series unpacks it.
